Description

This module enables you to create polls accessible by an url with hash (e.g. example.com/makemeeting/sn9028xh3398) so that anonymous users can view and vote on the poll.

The module didn't sufficiently check access when a poll is accessed directly via its node url (e.g. node/123). Note: a user with the hashed url can still access and vote on the poll as that is the intention of the module.

CVE identifier(s) issued

CVE-2013-4379

Versions affected

Make Meeting Scheduler 6.x-1.x versions prior to 6.x-1.3.

Drupal core is not affected. If you do not use the contributed Make Meeting Scheduler module, there is nothing you need to do.